The first major update to HIPAA in more than a decade will eliminate the distinction between “required” and “addressable” safeguards, making key cybersecurity and physical security measures mandatory for all healthcare providers. This shift will expose gaps in hospitals’ fragmented security systems, though, according to Kumar Sokka, CEO of cybersecurity platform Acre Security.

The post Why Some Hospitals Won’t Be Able to Comply With Upcoming HIPAA Updates appeared first on MedCity News.

Medtronic suffered a cyberattack on its corporate IT systems. The incident highlights growing cybersecurity risks in the medtech sector, with cybergangs increasingly using phishing and other human-engineering tactics to gain access to data.

The post 6 Things to Know About Medtronic’s Cyberattack appeared first on MedCity News.

Stryker was hit by a cyberattack this week that knocked out its internal systems worldwide and caused delays to order processing and manufacturing. An Iran-linked group has claimed responsibility for the attack, but the full impact remains unclear.

The post 6 Things to Know About Stryker’s Cyberattack appeared first on MedCity News.

[Sponsored] Here are the best disaster recovery solutions for health care organizations.

The post A Guide to the Best Disaster Recovery Solutions for Health Care Organizations appeared first on MedCity News.

In a sector where delays are measured in lives, early detection, lower attacker dwell time, and system-level misdirection can literally save lives. By marrying preemptive and deceptive technologies, organizations can blunt the attack surface while simultaneously exposing hidden threats before damage is done. 

The post The Healthcare Sector’s Digital Contagion: Ransomware’s Relentless Grip appeared first on MedCity News.

Data is fueling the AI revolution, but it must be aligned with solving business challenges.

The post Trends in Health IT – What Should Organizations Prioritize in 2026? appeared first on MedCity News.

The cybersecurity process is something you need to invest effort in now. Here’s some insight on conducting a security risk analysis that is impactful for the whole life of a medical device or medical device software.

The post Conducting a Medical Device Security Risk Assessment appeared first on MedCity News.

Customers are no longer willing to accept vague assurances about security. Instead, they expect evidence of secure design, documented vulnerability management processes, and transparency about software components.

The post Healthcare’s Security Awakening Testing Patience of Medical Device Buyers appeared first on MedCity News.

Cybersecurity is no longer a function managed in the IT department’s back office. It’s a front-line brand issue, with real implications for patient satisfaction and loyalty. That means providers need to rethink how they talk about security. It’s no longer enough to be secure; you must communicate security clearly.

The post Why Cybersecurity Is Now Central to the Patient Experience appeared first on MedCity News.

Let’s not add salt to the wound of funding cuts and personnel changes by inadvertently inviting even more ransomware – here’s a closer look at health’s endpoint holes, how federal cuts could ultimately help ransomware hackers, and what ecosystem defenders can do to step up and fight back.

The post Federal Cuts Only Worsen Health’s Ransomware Problem appeared first on MedCity News.

There has been increased awareness of healthcare cybersecurity after last year’s massive Change Healthcare breach — but the sector remains dangerously vulnerable to cyberattacks. Experts warn that outdated systems, security staffing shortages and rushed tech adoption are leaving providers too exposed.

The post The Next Cyber Crisis Is Inevitable — and Healthcare Isn’t Ready appeared first on MedCity News.

[Sponsored] A report by Paubox maintains that many compliance failures are caused by false assumptions rather than negligence.

The post 5 Email Security Misconceptions That Put Healthcare Organizations at Risk appeared first on MedCity News.

Healthcare providers are making cybersecurity progress, but serious vulnerabilities remain — especially when it comes to AI governance, third-party risk, and limited budgets. Fortified Health Security CEO Dan Dodson urged the industry to stop waiting for perfect conditions and act decisively to strengthen their defenses.

The post Despite Progress, Healthcare Cybersecurity Is Still Falling Short appeared first on MedCity News.

[Sponsored] AI-powered threats are overwhelming outdated IT defenses. Discover why email remains healthcare’s biggest cybersecurity vulnerability and what can be done to address it.

The post AI-Driven Email Attacks Are Exploding. Is Your Healthcare Organization at Risk? appeared first on MedCity News.

[Sponsored] A new report by Paubox calls for healthcare IT leaders to dispose of outdated assumptions about email security and address the challenges of evolving cybersecurity threats.

The post Hackers Use AI to Amplify Email Security Threats to Healthcare appeared first on MedCity News.

Organizations need to take a proactive approach to identify, prioritize and mitigate threats in real time. This means gaining visibility and control into all physical and virtual assets.

The post A Preemptive Prescription to Cyber Exposure Management appeared first on MedCity News.

When an attack or other issue occurs, the main difference between being down for months versus minutes or a day is having a mature and tested incident response plan. Without a plan, your cybersecurity team is flying blind, resulting in confusion and inefficiency that significantly slows your response time.

The post How Healthcare Can Reduce Cybersecurity Response Times from Hours to Minutes  appeared first on MedCity News.

[Sponsored] The report, 60% of Healthcare Orgs Admit Email Security Failure, highlights what Paubox says is a broken infrastructure at the heart of this issue, exposing millions to preventable risks. It also offers recommendations to fix the problems.

The post Report Highlights Data Breach Risks Email Vulnerabilities Pose to Healthcare appeared first on MedCity News.

Much like preventative care in medicine — where doctors can detect potential illnesses and diseases in their early stages — healthcare facilities can improve their security posture through preemptive strategy and preventative measures.

The post The Future of Healthcare Cybersecurity: Preemptively Defending Against Emerging Threats appeared first on MedCity News.

Cybersecurity and data protection in healthcare is only as strong as its weakest crack. Medical device makers, pharmaceutical firms, health IT, privacy equity, research organizations, and consolidated systems all play a role in vulnerabilities, and their shortcomings can ripple outward, endangering patient data and trust.

The post The Hidden Cracks in Healthcare’s Cybersecurity Ecosystem appeared first on MedCity News.

All healthcare entities storing or transferring patient health information needs to be aware of a proposed update to HIPAA tackling data encryption. Bryan Marlatt, chief regional officer at CyXcel, talks with us about the evolving threat landscape and what the proposed rule means for healthcare organizations.

The post Pivot: Discussing the Impact of a Proposed HIPAA Security Update appeared first on MedCity News.

About 90% of healthcare organizations are insecurely connected to the internet and running systems vulnerable to exploitation by ransomware gangs, according to new research. It also found that 78% of providers have made ransomware payments of $500,000 or more.

The post Most Healthcare Providers Remain Highly Vulnerable to Ransomware Attacks appeared first on MedCity News.

How do you know a vendor handles data properly? Fortunately, independently-audited certifications can ease your concerns about a developer’s trustworthiness.

The post Building Trust in Medical Software Development through Certifications appeared first on MedCity News.

In this game of 3D chess, our opponent is becoming more sophisticated, and healthcare organizations must constantly focus on protecting their most valued pieces, their data. The possible ramifications across healthcare are too valuable to let our guard down.

The post One Year Post-Change Healthcare Cyber Attack: What Keeps This Healthcare CTO Awake at Night appeared first on MedCity News.

A conversation with David Bardan, the general manager of the healthcare business at Clear, shows how the company is bringing its expertise to counter cybersecurity threats in the healthcare industry.

The post MedCity Pivot Podcast: Being Clear About Cybersecurity appeared first on MedCity News.

The vast majority of healthcare organizations have spotted a cyberattack and suffered financial consequences as a result in the past 12 months, according to new research. A separate report also found that overall cyberattacks on healthcare organizations have risen by 32% year-over-year.

The post Cybersecurity Threats Continue to Rise for Healthcare Organizations, Research Shows appeared first on MedCity News.

Healthcare providers and vendors are learning the hard way that hackers are relentless and resourceful, constantly adjusting tactics and tools and using new technology, including AI, to launch more sophisticated attacks.

The post Healthcare’s Cybersecurity Crisis: Why Today’s Defenses Are Failing Against Evolving Threats appeared first on MedCity News.

HHS is proposing major changes to HIPAA for the first time in more than a decade, aiming to strengthen cybersecurity protocols for electronic health data. Healthcare cybersecurity leaders are mainly in favor of the proposal — though there are some concerns that smaller providers will struggle with the financial and operational burdens of compliance.

The post HHS’ Proposed HIPAA Changes Are a Step in the Right Direction, But Some Providers May Struggle to Comply appeared first on MedCity News.

Implementing a thorough federal privacy law and broadening HIPAA protections to include new mHealth technologies are crucial steps in enhancing personal data security. Equally important, companies and developers should adhere to strict ethical standards and robust security protocols during app development to protect users’ sensitive information.

The post Mental Health Data Sells, But Who’s Buying? appeared first on MedCity News.

U.S. healthcare organizations lose $1.9 million on average during each day of downtime following a ransomware attack, according to new research from Comparitech. Rebecca Moody, Comparitech’s head of data research, predicted that the rate of ransomware attacks in the healthcare sector will accelerate even more in 2025.

The post Healthcare Providers Lose Nearly $2M Per Day Due to Cyberattack-Induced Downtime appeared first on MedCity News.